Search CVE reports
51 – 60 of 115 results
CVE-2016-9775
Medium prioritySome fixes available 9 of 12
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2016-9774
Medium prioritySome fixes available 9 of 12
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2016-8735
High prioritySome fixes available 10 of 13
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2016-6816
Medium prioritySome fixes available 10 of 13
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Fixed | Fixed |
CVE-2016-6797
Low prioritySome fixes available 5 of 10
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-6796
Low prioritySome fixes available 5 of 10
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-6794
Low prioritySome fixes available 5 of 10
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70,...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Fixed |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-5018
Medium prioritySome fixes available 4 of 9
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | Not in release | Not in release | Not in release | Not in release | Not affected |
tomcat7 | Not in release | Not in release | Not in release | Not affected | Fixed |
tomcat8 | Not in release | Not in release | Not in release | Not affected | Fixed |
CVE-2016-0762
Low prioritySome fixes available 5 of 9
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This...
3 affected packages
tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tomcat6 | — | — | Not in release | Not in release | Fixed |
tomcat7 | — | — | Not in release | Not affected | Fixed |
tomcat8 | — | — | Not in release | Not affected | Fixed |
CVE-2016-1000031
Negligible priorityApache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
4 affected packages
libcommons-fileupload-java, tomcat6, tomcat7, tomcat8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcommons-fileupload-java | — | — | — | — | Ignored |
tomcat6 | — | — | — | — | Ignored |
tomcat7 | — | — | — | — | Ignored |
tomcat8 | — | — | — | — | Ignored |